Back close

Course Detail

Course Name Secure Coding
Course Code 24CS746
Program M. Tech. in Computer Science & Engineering
Semester Electives
Credits 3
Campus Coimbatore, Bengaluru, Nagercoil, Chennai

Syllabus

Secure Software Development: Principles of Software Security – Proactive Security development process, Secure Software Development Cycle (S-SDLC),A Risk Management Framework – A taxonomy of Coding Errors, Security Methodologies, Security Framework, Security Models

Defensive Coding Practices: Concepts and Techniques : Buffer Overrun, Format String Problems, Integer Overflow, and Injection flaws : SQL Injection, Command Injection, Failure to Handle Errors, Cross Site Scripting, Broken Authentication and Session Management, Magic URLs, Weak Passwords, Failing to Protect Data, Weak random numbers, improper use of

cryptography, Insecure Direct Object References, Insecure De-serialization, Security Misconfiguration, Information Leakage, Race Conditions, Poor Usability, Not Updating Easily, Executing with too much privilege, Failing to protect network traffic, improper use of PKI, trusting network name resolution.

Security code analysis and review: Code review with a tool (fortify, coverty etc), Code analysis Securing Server, Database, Network and their secure configuration, Firewalls. Case Study : Recent Software vulnerabilities due to insecure programming and how to prevent them during design and implementation. Tools : Azure Devops,, Gitlab CI/CD with security features, Jenkins with security plugins, Sonarcube, OWASP dependency Check, PMD.

Summary

Pre-Requisite(s): Basic Knowledge of Programming Language (s), Database Management, Network, Server
Course Type: Lab

Course Objectives and Outcomes

Course Objectives

  • To learn secure programming practices, configuration of various tiers and layers involved in Software Development.
  • Build secure software resilient to cyber attacks.

Course Outcomes

CO1: Understand the basics of secure programming.

CO2: Understand the most frequent programming errors leading to software vulnerabilities.

CO3: Identify and analyze security problems in software.

CO4: Understand and protect against security threats and software vulnerabilities.

CO4: Effectively apply their knowledge to the construction of secure software systems.

CO-PO Mapping

CO PO1 PO2 PO3 PO4 PO5 PO6
CO1 1 1
CO2 2 1 1 2 1
CO3 1 3 2 2 2
CO4 1 1 2 1 2 1
CO5 2 1 2 2

Evaluation Pattern: 70/30

Assessment

Internal Weightage

External Weightage

Midterm Examination

20

Continuous Assessment (Theory)

10

Continuous Assessment (Lab)

40

End Semester

30

Note: Continuous assessments can include quizzes, tutorials, lab assessments, case study and project reviews. Midterm and End semester exams can be a theory exam or lab integrated exam for two hours

Text Books/References

  1. Paul, M. (2016). Official (ISC) 2 Guide to the CSSLP. CRC Press.
  2. Seacord, R. (2013). Secure Coding in C and C++ (2nd Edition). SEI Series in Software Engineering
  3. Howard, Michael, David LeBlanc, and John Viega. “24 Deadly Sins of Software Security.” Programming Flaws and How to Fix Them (2010). McGraw-Hill Education
  4. Ransome, J., & Misra, A. (2018). Core software security: Security at the source. CRC press.
  5. Bishop, M. (2019). Computer Security(2 nd Edition). Addison-Wesley Professional.
  6. McGraw, G. (2006). Software security: building security in (Vol. 1). Addison-Wesley Professional
  7. John Veiga, Gary Mc Graw, “Building Secure Software: How to Avoid Security Problems the Right Way”, Addison-Wesley Professional Computing Series, 2001
  8. Writing Secure Code, Michael Howard and David LeBlanc,Microsoft Press.
  9. Buffer Overflow Attacks: Detect, Exploit, Prevent by Jason Deckar,Syngress.
  10. Threat Modeling, Frank Swiderski and Window Snyder,Microsoft Professional.

DISCLAIMER: The appearance of external links on this web site does not constitute endorsement by the School of Biotechnology/Amrita Vishwa Vidyapeetham or the information, products or services contained therein. For other than authorized activities, the Amrita Vishwa Vidyapeetham does not exercise any editorial control over the information you may find at these locations. These links are provided consistent with the stated purpose of this web site.

Admissions Apply Now